Cyber Defense Senior Security Engineer (Remote Possible)

Company Summary

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for seven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

Job Summary

The Cyber Defense Team is responsible for delivering the following core services:

• Security Assessment Service
  • Penetration Testing
  • Threat Hunting
  • Breach & Attack Simulation
  • Red Team Exercises
• Cyber Threat Intelligence
• Cyber Threat Advisory Service

The Cyber Defense Senior Security Engineer is responsible for delivering the core services. They will interface with IT Groups across the company, client managers, business customers, third-parties, vendors, and auditors. The Cyber Defense Senior Security Engineer will design, implement, and operationalize the security solutions that they will use and that can be effectively delegated to other engineers or Security Analysts. The scope of Cyber Security Senior Security Engineers role extends across technical and administrative controls that enable the protection and availability of business and IT systems.  They will be required to understand the Security Architecture, policies and standards and are responsible for identifying risk and risk issues through the course of their work. The Cyber Defense Senior Security engineer will be responsible for continuously detecting, analyzing, and combating advanced threats that could compromise the organization and their assets. Once they identify these threats, they will work towards ensuring that the correct mitigating actions are taken as necessary.

Essential Functions

• Search for and identify cyber threats.
• Monitor and analyze network and security event data through regular assessments
• Investigate intrusion attempts and perform in depth analysis of exploits
• Review security events that are reported in the SIEM
• Analyze a variety of network and host-based appliance and devices logs to identify weaknesses and recommend mitigating actions to configuration guides
• Set event and incident priority ratings
• Create threat hunt analysis reports describing methods use, scope , findings and recommendations
• Gather information on threat behavior.
• Plan and define threat hunts for immediate, short- and long-term execution
• Co-ordinate Penetration Testing, review and communicate results
• Organize and analyze the collected data to determine threat trends.
• Generate reports for IT administrators and business managers.
• Make relevant predictions for the future elimination of the cyber threat.
• Safeguard the company’s digital assets
• Design and develop processes and procedures to improve incident response times
• Produce reports and metrics

General Functions

• Leads technical direction in designing and implementing security solutions for corporate technical infrastructure and business applications.
• Participates in all phases of project planning in security service support, including functional requirements, design specifications, testing and quality assurance, implementation and support.
• Leads technical engineering services to support and update existing security systems and works to automate processes related to security implementations, monitoring, and enforcement.
• Investigates, recommends, evaluates, deploys and integrates security tools and techniques to improve our ability to protect corporate assets and infrastructure.
• Participates in technical risk assessments and security exposure analyses of systems, networks and business applications.
• Evaluates and implements security devices such as firewalls, IDS, IPS, threat correlation tools, vulnerability management tools, encryption capabilities, etc.
• Analyzes network elements and designs to ensure secure and optimal system and network performance and cost effectiveness.
• Responsible for assessing and managing information security risks to pre-existing current systems.
• Monitors, reports and resolves all security related problems and discrepancies.
• Participates as a member of the Information Security Incident Response Team.
• Interacts with internal and external clients on security requirements, identifies security process and develops strategies/solutions to security issues while maintaining tight security discipline.
• Develops test plan and implements rigorous testing prior to rollout of new systems into the production environment.
• Required to perform duties outside of normal work hours based on business needs.

Knowledge and Skills/Technology Used

• Has full understanding of the Security Kill Chain.
• Has strong analytical skills and is a logical thinker.
• Experience in implementing Information Security technologies and/or processes required.
• Experience in product evaluation and managing vendor relationships required.
• Experience in defining Information Security strategy and integrating security technologies into corporate frameworks.
• Must have hands on working knowledge of most of the following:
• Linux, Windows and MAC, AWS and Azure, firewall multi-layer design and implementation, router access list/packet filtering), WANs, LANs, the Internet, Intranets, network protocols and network services (i.e., telnet, ftp, etc.), Intrusion detection systems, Virtual Private Network (VPN), two factor authentication. Threat Intelligence platforms, MITRE ATT&CK framework, NIST and ISO Standards, Service NOW or similar GRC tools and ticketing systems

Typical Education

• Generally requires a BS Degree in Computer Science, Information Technology, Telecommunications, or Electrical Engineering, or equivalent work experience.

Typical Range of Experience

• Must have minimum 7 years cyber security experience.
• Must have 4+ years hands on experience performing Threat Hunting, Cyber Threat Intelligence Red Teaming, and knowledge of Vulnerability Management and Penetration Testing

License or Certification

• CISSP, CISM, GIAC, CCNA, CCNP, CEH preferred

This role is open to be remote for out-of-area candidates.

For candidates local to Santa Ana, CA and surrounding areas, the expectation would be onsite in a hybrid capacity (2 days per week).

Pay Range: $79,950 - $166,050

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

#LI-BR1

#techreferral

First American invests in its employees' development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.